Category: Web Application Analysis. Tags: template-injection, web-vulnerabilities, cli-tools, ssti, csti

TInjA

CLI tool for testing web pages for template injection vulnerabilities. Supports 44 of the most relevant template engines for eight different programming languages.

Description

TInjA is a CLI tool designed for detecting template injection vulnerabilities in web applications. Template injection, also known as Server-Side Template Injection (SSTI) or Client-Side Template Injection (CSTI), occurs when user input is embedded unsafely into a template rather than passed to it as data, which in many template engines allows an attacker to execute arbitrary code.

The tool scans web pages by injecting payloads tailored to various template engines across multiple programming languages. It supports testing single URLs, multiple URLs, raw files, or JSONL files containing test cases. This makes it versatile for penetration testing and vulnerability assessments in web development environments.

Published by Hackmanit under Apache License 2.0, TInjA is maintained on GitHub and provides detailed reporting, including options for JSON output with HTML escaping.

How It Works

TInjA operates by sending crafted payloads to target web pages and analyzing the responses for reflections that indicate template injection. To identify the context in which a reflection appears, it memorizes the characters preceding each reflection point in the response body (30 characters by default, adjustable with --precedinglength). Custom cookies, custom headers, and a proxy certificate can be supplied for authenticated or intercepted scans. A headless browser mode (--csti) extends detection to client-side template injections. Detection covers 44 template engines across eight programming languages by matching response patterns against known injection signatures.

Installation

```bash
sudo apt install tinja
```

Flags

--config string            set the path for a config file to be read
-c, --cookie strings       add custom cookie(s)
--csti                     enable scanning for Client-Side Template Injections using a headless browser
--escapereport             escape HTML special chars in the JSON report
-H, --header strings       add custom header(s)
-h, --help                 help for tinja
--precedinglength int      how many chars shall be memorized, when getting the preceding chars of a body reflection point (default 30)
--proxycertpath string     set the path for the certificate of the proxy

Examples

Display help and usage information for tinja:
    tinja -h

Scan a single URL or multiple URLs for template injection vulnerabilities:
    tinja url

Scan using a raw request file for template injection testing:
    tinja raw

Scan using a JSONL file for batch template injection analysis:
    tinja jsonl

Scan URLs for Client-Side Template Injections using the headless browser:
    tinja url --csti

Scan URLs with a custom cookie for authenticated template injection testing:
    tinja url -c "session=abc123"

Scan URLs with a custom request header:
    tinja url -H "X-Forwarded-For: 127.0.0.1"
Updated 2026-04-16 (source: kali.org)